Velvet Ant's silent invasion.: This week, we are joined by Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks. This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats. #cyber #cybersecurity #cybersecurityjobs #informationsecurity #management #innovation #cyberjobs #technology
Cyber Security Outsource Service, LLC’s Post
More Relevant Posts
-
Velvet Ant's silent invasion.
thecyberwire.com
-
State-Sponsored Hackers Exploiting Two Cisco Zero-Day Vulnerabilities for Espionage A sophisticated state-sponsored hacking group exploited two zero-day vulnerabilities in Cisco networking gear to deliver custom malware and covertly collect data from target environments. The group, tracked as UAT4356, deployed two backdoors called "Line Runner" and "Line Dancer" to conduct malicious actions like reconnaissance, traffic capture, and potential lateral movement. The initial access vector is unknown, but the campaign highlights the increased targeting of perimeter devices like firewalls and VPNs, which lack endpoint detection and response solutions. Prompt patching and monitoring of such critical network devices are crucial to prevent such intrusions. #CyberSecurity #ZeroDay #StateSponsoredHackers #CiscoVulnerabilities #NetworkSecurity
-
It was reported that hackers attacked a network with a Fortinet flaw. Cybersecurity Alert! It was disclosed that hackers carried out a cyber-espionage incident by infiltrating an armed forces network. Here's what you need to know: Target: The breached network, used for unclassified research and development, had fewer than 50 users and was self-contained, preventing damage to the broader defense network. Exploited Vulnerability: hackers exploited a critical flaw (CVE-2022-42475, CVSS score: 9.3) in Fortinet FortiGate devices, gaining unauthorized access. The flaw allowed them to execute arbitrary code via specially crafted requests. Persistent Threat: The attackers deployed COATHANGER, a stealthy and persistent backdoor, providing remote access to compromised appliances. It survives reboots and firmware upgrades, remaining concealed. Ongoing Threat: Similar attacks leveraging Fortinet vulnerabilities have been observed in the past. Stay vigilant, update security measures, and patch vulnerabilities promptly. #CyberSecurity #DutchMilitary #ChinaCyberEspionage #Fortinet #COATHANGER #InfoSec #ThreatIntelligence
-
Rising macOS cyber threats, exploitation of Ivanti Connect Secure VPN, active malware campaigns, and attack on Boeing dominate the Securonix Threat Labs monthly report. This month Autonomous Threat Sweeper has seen an increased propensity for macOS malware to go "wild" or be actively used in reciprocal attacks. 📈 The Autonomous Threat Sweeper identified and analyzed 3,728 TTPs and IoCs, 121 emerging threats, investigated 87 potential threats, and elevated 18 threat incidents. Read the latest from the team and watch Ella Dragun and Dheeraj Kumar detail their findings. 📖 👀 https://lnkd.in/gaX_uH4g
Hear the latest cyber threats from the Securonix Threat Labs monthly report
-
Palo Alto Networks zero-day firewall flaws caused by basic dev mistakes Palo Alto Networks’ threat hunting team is tracking the exploitation activity of CVE-2024-0012 and CVE-2024-9474 under the name Operation Lunar Peak and has published indicators of compromise related to it. “This activity has primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services,” the team said. “Observed post-exploitation activity includes interactive command execution and dropping malware, such as webshells, on the firewall.” Feel free to comment, like, forward and subscribe for more cybersecurity info/insight at qicyber.com. Refer to the news URL for more details. #CyberSecurity #DataProtection #BusinessContinuity #formintiumit #formintiumtech #QiCyberCyberSecurity #5CyberCyberSecurity https://lnkd.in/gPSAARve
Palo Alto Networks zero-day firewall flaws caused by basic dev mistakes
csoonline.com
-
FortiManager has been targeted by a missing authentication vulnerability (CVE-2024-47575) exploited by the newly identified UNC5820 threat group. Attackers are gaining control of FortiManager devices, exfiltrating sensitive configuration data, and compromising FortiGate devices. 💻 Learn about the critical details of this vulnerability and how to protect your environment with mitigation strategies and simulations. 🔗 Read the full blog to understand the threat and defend your network: https://hubs.li/Q02VDp140 #CyberSecurity #ZeroDay #FortiManager #FortiGate #UNC5820
-
🚀 Did You Know About HardSec? 🔒 In today's tech-driven world, hardsec is becoming increasingly crucial. But what exactly is hardsec, and why should you care? What is Hardsec: Short for "Hardware Security", Hardsec is the use of hardware logic and electronics to implement security protection, rather than just software, thereby providing a higher level of security assurance and resilience to both external and internal threats. This makes it an important component of comprehensive cyber security strategies. For more updates, Follow us on LinkedIn Page https://lnkd.in/dCWswyRH Facebook https://lnkd.in/dHrYp2iA Contact us for consultation: commoncriteria.gov.pk Industry IT System Testing and Evaluation #cybersecurity #DigitalPakistan #Technology #Telecomsecurity #Ministeryofdefence #PSDP #InfoSec #CyberThreats #NetworkSecurity #Cyberdefence #Securityawareness #DigitalSecurity
-
Cyberattackers Increasingly Using ‘Cat-Phishing’ Techniques: HP Ireland Report A recent report by HP Ireland reveals a rise in ‘cat-phishing’ cyberattacks. These attacks direct users to malicious websites through vulnerabilities in ads and website links, making them hard to detect. The HP Wolf Security Threat Insights Report for Q1 2024 highlights several cyberthreat trends: Cat-Phishing: Exploits open redirect vulnerabilities to deliver WikiLoader malware, misleading users to malicious sites. Fake Invoices: Social engineering techniques, particularly fake overdue invoices in PDF format, target enterprises for higher ROI. About 11% of threats were delivered via PDF documents. Malware via Archives: Malicious scripts embedded in ZIP archives downloaded through PDF links. Read the HP Wolf Security Threat Insights Report Q1 2024 here: https://bit.ly/4avDNRC #Cybersecurity #CyberAttack #Phishing #CatPhishing #DataProtection #Infosec #ThreatIntelligence #HPWolfSecurity #TechNews #CyberThreats #OnlineSafety #DigitalSecurity #ITSecurity #SecurityReport #MalwareProtection #EnterpriseDefence #CyberRiskExperts
HP Wolf Security Threat Insights Report Q1 2024 | HP Wolf Security
https://threatresearch.ext.hp.com
-
USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics: Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. The malware poses a serious threat to operational technology (OT) systems, with 26% capable of causing major disruptions like loss of […] The post USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics
https://gbhackers.com
-
Day 59 🔐Exploring Lateral Movement and Active Directory Attacks 🔐 Today, I dove deep into some advanced techniques for network penetration testing, specifically focused on lateral movement and Active Directory (AD) exploitation 🚩 Key Concepts Covered 🔹Lateral Movement: Techniques used by attackers to move between systems once inside the network. 🔹Pass The Hash (PTH): Using stolen NTLM hashes to authenticate and move laterally without needing the actual password. 🔹Silver Ticket Attack: Manipulating Kerberos tickets to impersonate any service account and gain unauthorized access. 🔹 Overpass The Hash: Combining NTLM and Kerberos attacks for deeper penetration within the network. These methods are crucial in understanding how attackers navigate and exploit networks—essential knowledge for enhancing defense strategies! 🔐💻 #CyberSecurity #Pentesting #ActiveDirectory #LateralMovement #EthicalHacking #OSCP #Infosec #CyberAwareness